Caddy Docker File Configuration

1. The problem I’m having:

Hello, I am trying to determine if there is a better way to use Caddy. So far it appears to require too many extra steps that seem like a security risk from my limited experience.

2. Error messages and/or full log output:

I am not getting any error messages, I just want to know if, for Caddy to work, all of these are necessary, since public IPs can change:

- remapping ports to free ones
- opening ports 80 and 443 on the router
- pointing my custom domain using an A record to the server's public IP, not its private one

3. Caddy version:

caddy:2.11.3-alpine

4. How I installed and ran Caddy:

I installed caddy using the official caddy docker file.

a. System environment:

Truenas 25.10.3.1, running caddy in a dockage app.

c. Service/unit/compose file:

```
services:
  caddy:
    image: caddy:2.11.3-alpine
    restart: unless-stopped
    cap_add:
      # Present in the official compose example; a plain reverse proxy
      # like this one does not need it and it can be dropped
      - NET_ADMIN
    ports:
      # Host ports remapped because 80/443 are taken by nginx on this host
      - 18080:80
      - 18443:443
      - 18443:443/udp   # HTTP/3 (QUIC)
    volumes:
      - ${CONFIG_PATH}/caddy:/etc/caddy   # Caddyfile lives here
      - $PWD/site:/srv
      - caddy_data:/data                  # certificates and ACME state
      - caddy_config:/config

volumes:
  caddy_data:
  caddy_config:

networks: {}
```

d. My complete Caddy config:

```
immich.almondu-peko.com {
	reverse_proxy 192.168.0.125:30041
}
```

Yes, it’s necessary. Webservers must have ports 80 and 443 open for HTTP and HTTPS traffic to reach it.

Why can’t you use ports 80/443 instead of 18080/18443? What are you trying to solve with that?

If you’re running this on your home server, and your ISP doesn’t give you a static IP, then yes your IP may change (usually very rarely though, they don’t tend to need to change your assigned IP very often). If that happens then yes you may need to change your DNS records to update it.

If you want more peace of mind, you can use the mholt/caddy-dynamicdns plugin (a Caddy app that keeps your DNS records (A/AAAA) pointed at itself) to automate updating your DNS records if your public IP changes. Depending on which DNS provider you use, you also need to add the plugin for that provider (e.g. Cloudflare, if that's what you use).
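As an added example (not from this thread), here is what the poster's Caddyfile looks like with the caddy-dynamicdns global option enabled. It assumes the image was rebuilt with both github.com/mholt/caddy-dynamicdns and github.com/caddy-dns/cloudflare, that Cloudflare hosts the zone, and that the option names follow the plugin's README; verify them against the version you build.

```caddyfile
{
	# Global options: keep the A record for this host pointed at the
	# server's current public IP, so a changed ISP address does not
	# leave the site unreachable (caddy-dynamicdns plugin, assumed built in)
	dynamic_dns {
		# Token is read from the container environment, not the Caddyfile;
		# scope it to DNS edit on this one zone only
		provider cloudflare {env.CLOUDFLARE_API_TOKEN}
		domains {
			# zone followed by the record name(s) to keep updated
			almondu-peko.com immich
		}
		# how often to re-check the public IP
		check_interval 5m
	}
}

immich.almondu-peko.com {
	reverse_proxy 192.168.0.125:30041
}
```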

Hello, thank you for your reply! Now I understand. So both are necessary. I use ports 18080/18443 since the standard 80 and 443 are already taken by another app I got running in my home server, nginx.

I did not expect to need to expose so much for caddy to work but it does make sense now that you have explained it.

I actually found a workaround, which is Cloudflare Tunnels. I was able to achieve the same goal with less hassle and information exposure, depending how you look at it.

I strongly recommend getting rid of nginx and using Caddy to replace it. They serve the same purpose, but Caddy does it better with built-in ACME automation, which nginx cannot do.

Cloudflare tunnels is fine, but idk what you think is “information exposure”, exposing two ports is the entire point of a webserver. Don’t you want your app accessible publicly? That’s the point.